Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »

    heroku-bouncerpublic

    node-heroku-bouncer Build Status

    node-heroku-bouncer is an easy-to-use module for adding Heroku OAuth authentication to Express 4 apps.

    Install

    $ npm install heroku-bouncer --save

    Requirements

    • Node 0.10.x
    • Express 4.x

    Use

    Ensure your app is using the cookie-parser and client-sessions middlewares. This module is not guaranteed to work with any other session middleware.

    var express      = require('express');
    var cookieParser = require('cookie-parser');
    var sessions     = require('client-sessions');
    var bouncer      = require('heroku-bouncer');
    var app          = express();
     
    app.use(cookieParser('your cookie secret'));
     
    // NOTE: These options are good general options for use in a Heroku app, but 
    // carefully review your own environment's needs before just copying these. 
    app.use(sessions({
      cookieName    : 'session',
      secret        : 'your session secret',
      duration      : 24 * 60 * 60 * 1000,
      activeDuration: 1000 * 60 * 5,
      cookie        : {
        path     : '/',
        ephemeral: false,
        httpOnly : true,
        secure   : false
      }
    }));
     
    app.use(bouncer({
      oAuthClientID      : 'client-id',
      oAuthClientSecret  : 'client-secret',
      encryptionSecret   : 'abcd1234abcd1234'
    }));
     
    app.get('/', function(req, res) {
      res.end('You must be logged in.');
    });

    After requests pass through the bouncer middleware, they'll have the heroku-bouncer property on them:

    {
      token: 'user-api-token',
      id   : 'user-id',
      name : 'user-name',
      email: 'user-email'
    }

    To log a user out, send them to /auth/heroku/logout.

    Options

    Options Required? Default Description
    encryptionSecret Yes n/a A random string used to encrypt your user session data
    oAuthClientID Yes n/a The ID of your Heroku OAuth client
    oAuthClientSecret Yes n/a The secret of your Heroku OAuth client
    herokuAPIHost No n/a An optional override host to send Heroku API requests to
    sessionSyncNonce No null The name of a nonce cookie to validate sessions against
    ignoredRoutes No [] An array of regular expressions to match routes to be ignored when there is no session active
    oAuthServerURL No "https://id.heroku.com" The location of the Heroku OAuth server
    herokaiOnlyHandler No null A route handler that will be called on requests by non-Herokai

    Test

    $ npm test

    Keywords

    none

    install

    npm i heroku-bouncer

    Downloadsweekly downloads

    3

    version

    4.0.1

    license

    MIT

    repository

    github.com

    last publish

    collaborators

    • avatar